Tag Archives: Spring

How to consume OAuth secured SOAP web service

I faced the issue where I had to consume a SOAP service which was secured by OAuth1.0a. And Spring doesn’t provide any direct solution for consumer OAuth secured SOAP service.

In Producing and Consuming SOAP web service and Consuming SOAP web service over HTTPS, we saw how to consume a SOAP web service. In this post, we will go little beyond this and implement a solution to consume OAuth secured SOAP web service. Securing a web service is general trend and you must secure a web service if you are letting others consume it. This is a secure way to transfer data between producer and consumer without compromising customer data.

Pre-requisites

  1. Spring web services
  2. OAuth library and knowledge

How to implement?

Below is a code that shows how to send a SOAP request call to a web service if it is not OAuth secured.

public class UserClient extends WebServiceGatewaySupport
{
    public GetUserResponse getUserById (int userid)
    {
       GetUserRequest userrequest = new GetUserRequest();
       userrequest.setId(userid);
       GetUserResponse response = (GetUserResponse)getWebServiceTemplate().marshalSendAndReceive(userrequest, new SoapActionCallback("https://localhost:8443/benefits/endpoints/getUserResponse"));
       return response;
     }
}

Basically, we are using a WebServiceTemplate to marshal a request and send it to SOAP endpoint. SoapActionCallback  is callback which allows to change the marshalled message before it can be sent to endpoint and a response can be retrieved.

As part of this solution, we will implement a class SignedMessageSender that will sign the request with OAuth consumer key and secret.


public class SignedMessageSender extends HttpComponentsMessageSender
{
    private final CommonsHttpOAuthConsumer consumer;

    public SignedMessageSender(CommonsHttpOAuthConsumer consumer)
    {
      this.consumer = consumer;
    }

    public WebServiceConnection createConnection(URI uri)
    {
       HttpComponentsConnection conn = null;
       try
       {
          conn = (HttpComponentsConnection)super.createConnection(uri);
consumer.sign(connection.getHttpPost());
       }
       catch (IOException e | OAuthException e)
       {
          e.printStackTrace();
       }
       return conn;
}

Now we build our bean for client to use this message sender, we will assign consumer key and consumer secret. This also uses JAXB marshaller. The code for this will look like below


@Bean

public UserClient getUserClient(Jaxb2Marshaller marshaller)

{

UserClient us = new UserClient();

us.setDefaultUri("https://localhost:8443/benefits/endpoints/users.wsdl");

us.setMarshaller(marshaller);

us.setUnmarshaller(marshaller);

String consumerkey = "";

String secretkey = "";

CommonsHttpOAuthConsumer consumer = new CommonsHttpOAuthConsumer(consumerkey,secretkey);

SignedMessageSender signedMessageSender = new SignedMessageSender(consumer);

signedMessageSender.createConnection(new URL("https://localhost:8443/benefits/endpoints/users.wsdl").toURI());

us.setMessageSender(signedMessageSender);

return us;

}

 

This shows how we can implement a solution to consume a SOAP web service secured by OAuth 1.0a. I am sure we can add similar solution if the service is secured by OAuth 2.0, but that will be another post.

Conclusion

In this post, we showed how to add OAuth signed SOAP message to SOAP service which would return a response to consumer.

References

  1. Add Header to SOAP message
  2. SOAP WS-addressing
  3. https://www.avisi.nl/blog/2012/11/22/consuming-oauth-secured-soap-webservices-using-spring-ws-axiom-signpost/

 

Advertisements